Licensing Transparency

Exactly how licensing works. No ambiguity.

How Licensing Works

Box uses a freemium model. One email account is free, forever — full functionality, no trial, no countdown. If you need unlimited accounts, a one-time $10 payment unlocks them for life.

After purchasing through Stripe, your license key is delivered via email. To activate, enter the key in Settings > License. Your machine registers with Locksmith, our lightweight licensing service. A signed token is stored in your OS keyring, and from that point forward, license verification happens locally on each launch — no network connection required.

Machine Activation

Each license allows activation on up to 5 machines. A machine is identified by /etc/machine-id, an OS-provided identifier that is stable across reboots and non-invasive — it reveals nothing about your hardware or identity.

  • Machines can be deactivated from within the app at any time.
  • Stale machines are automatically deactivated after 90 days of inactivity.

Offline Behavior

After activation, Box verifies your license locally using Ed25519 signature verification. No server connection is required. The app works offline indefinitely.

An optional periodic validation updates the “last seen” timestamp on the licensing server and catches any revocations. If the licensing server is unreachable, the local token stands — your workflow is never interrupted.

Privacy Protections

Locksmith receives only the minimum data needed to enforce fair usage limits:

  • Product identifier
  • License key
  • Machine ID
  • Optional device name

Locksmith does not receive:

  • Email content
  • Account credentials
  • IP addresses
  • Hardware serial numbers
  • Usage data

The licensing service exists solely to enforce fair usage limits. Nothing more.

Edge Cases

  • OS reinstall: A fresh install generates a new machine ID, which uses a new activation slot. The old slot is automatically freed after 90 days.
  • Machine limit reached: The app shows your active machines and lets you deactivate any of them to free a slot.
  • License revocation: The local token is deleted and the app restricts to 1 account.
  • Server outage: Existing activations continue working indefinitely. Local tokens are self-contained.

For more details, see our Privacy Architecture and FAQ.